Date:      Sun, 25 Jul 2004 23:01:06 GMT
From:      Timothy Radigan <tradigan@newrevolutions.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/69596: When logging in or su'ing to root, I noticed that if you type the correct password but add characters to the end of the correct password, the password still passes validation and allows you to login
Message-ID:  <200407252301.i6PN16AH063934@www.freebsd.org>
Resent-Message-ID: <200407252310.i6PNAFwX036242@freefall.freebsd.org>


>Number:         69596
>Category:       misc
>Synopsis:       When logging in or su'ing to root, I noticed that if you type the correct password but add characters to the end of the correct password, the password still passes validation and allows you to login
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 25 23:10:15 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Timothy Radigan
>Release:        5.1
>Organization:
New Revolutions
>Environment:
FreeBSD nr-fbsd-01.newrevolutions.net 5.1-RELEASE-p16 FreeBSD 5.1-RELEASE-p16 #2: Sat May 15 14:35:21 EDT 2004    radigan@nr-fbsd-01.newrevolutions.net:/usr/obj/usr/src/sus/nr-fbsd-01  i386
>Description:
When logging into my FreeBSD server, I logged on as my regular user and typed the password correctly but added a few extra characters after I entered my password.  Surprisingly, the machine let me in.  I tried to log in with a completely wrong password and it denied access.  This problem also occurs when su'ing to root.  I type su, then type the password (correctly) and add extra characters on the end and it granted me root access.
>How-To-Repeat:
Log in using an account, type the correct password and a few extra characters after the correct password and try to log in.  You will be validated and access is granted.
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:


